2024-word-wide-ctf WP

clev1L Lv3
  2024-12-01 17:20:14 2024-12-01 17:20:14 Created   2025-02-23 12:29:57 2025-02-23 12:29:57 Updated  11.5k Words  71 Mins  

Flag Checker

利用长度为4的pbInput的md5值解密资源文件

导出资源文件

大量重复的字节,说明是和0异或的,就是hash的一部分,利用这部分去爆破hash

1
2
3
4
5
6
7
8
9
10
11
12
13
from itertools import *
import hashlib
from tqdm import tqdm
import string
def getdigest(content):
    return hashlib.md5(str(content).encode('utf-8')).hexdigest()

for test in tqdm(product(string.printable,repeat=4)):
    if "0F4D0DB3668DD58C".lower() in getdigest("".join(list(test))):
        print("".join(list(test)))
        exit()
        
#FLAG

利用得到的字节解密资源文件

找到关键代码,发现aes加密,动调拿到密钥和iv都是REVERSE ENGINEER(这里不知道怎么动调,附加进程不行,直接改rip跳的)

解密拿到flag

wwf{Try_t0_c0mmun1c4t3_by_p1p3_H0p3_Y0u_L1k3_It}

Ransom Waifu

js解混淆,

https://tool.yuanrenxue.cn/decode_obfuscator

解出来可以发现是vm

这里是每个opcode对应的操作

在每个opcode中添加console.log输出日志

最终js为

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
function check(_0x25883e) {
  const _0x55b20f = [3, 0, 4, 0, 5, '0', '3', '0', '1', 0, 6, 0, 7, '0', '3', '0', '1', '11', 1, 8, 1, 9, '0', '3', '0', '4', 2, 10, 2, 11, '0', '3', '0', '6', '11', 0, 12, 0, 13, '0', '3', '0', '1', 0, 14, 0, 15, '0', '3', '0', '1', '6', 1, 16, 1, 17, '0', '3', '0', '11', 2, 18, 2, 19, '0', '3', '0', '4', 20, '6', '11', 21, '4', 22, '8', 23, 0, 24, 0, 25, '0', '3', '0', '1', 0, 26, 0, 27, '0', '3', '0', '1', '11', 1, 28, 1, 29, '0', '3', '0', '4', 2, 30, 2, 31, '0', '3', '0', '6', '11', 0, 32, 0, 33, '0', '3', '0', '1', 0, 34, 0, 35, '0', '3', '0', '1', '6', 1, 36, 1, 37, '0', '3', '0', '11', 2, 38, 2, 39, '0', '3', '0', '4', 40, '6', '11', 41, '4', 42, '8', '13', 43, 0, 44, 0, 45, '0', '3', '0', '1', 0, 46, 0, 47, '0', '3', '0', '1', '11', 1, 48, 1, 49, '0', '3', '0', '4', 2, 50, 2, 51, '0', '3', '0', '6', '11', 0, 52, 0, 53, '0', '3', '0', '1', 0, 54, 0, 55, '0', '3', '0', '1', '6', 1, 56, 1, 57, '0', '3', '0', '11', 2, 58, 2, 59, '0', '3', '0', '4', 60, '6', '11', 61, '4', 62, '8', '13', 63, 0, 64, 0, 65, '0', '3', '0', '1', 0, 66, 0, 67, '0', '3', '0', '1', '11', 1, 68, 1, 69, '0', '3', '0', '4', 2, 70, 2, 71, '0', '3', '0', '6', '11', 0, 72, 0, 73, '0', '3', '0', '1', 0, 74, 0, 75, '0', '3', '0', '1', '6', 1, 76, 1, 77, '0', '3', '0', '11', 2, 78, 2, 79, '0', '3', '0', '4', 80, '6', '11', 81, '4', 82, '8', '13', 83, 0, 84, 0, 85, '0', '3', '0', '1', 0, 86, 0, 87, '0', '3', '0', '1', '11', 1, 88, 1, 89, '0', '3', '0', '4', 2, 90, 2, 91, '0', '3', '0', '6', '11', 0, 92, 0, 93, '0', '3', '0', '1', 0, 94, 0, 95, '0', '3', '0', '1', '6', 1, 96, 1, 97, '0', '3', '0', '11', 2, 98, 2, 99, '0', '3', '0', '4', 100, '6', '11', 101, '4', 102, '8', '13', 103, 0, 104, 0, 105, '0', '3', '0', '1', 0, 106, 0, 107, '0', '3', '0', '1', '11', 1, 108, 1, 109, '0', '3', '0', '4', 2, 110, 2, 111, '0', '3', '0', '6', '11', 0, 112, 0, 113, '0', '3', '0', '1', 0, 114, 0, 115, '0', '3', '0', '1', '6', 1, 116, 1, 117, '0', '3', '0', '11', 2, 118, 2, 119, '0', '3', '0', '4', 120, '6', '11', 121, '4', 122, '8', '13', 123, 0, 124, 0, 125, '0', '3', '0', '1', 0, 126, 0, 127, '0', '3', '0', '1', '11', 1, 128, 1, 129, '0', '3', '0', '4', 2, 130, 2, 131, '0', '3', '0', '6', '11', 0, 132, 0, 133, '0', '3', '0', '1', 0, 134, 0, 135, '0', '3', '0', '1', '6', 1, 136, 1, 137, '0', '3', '0', '11', 2, 138, 2, 139, '0', '3', '0', '4', 140, '6', '11', 141, '4', 142, '8', '13', 143, 0, 144, 0, 145, '0', '3', '0', '1', 0, 146, 0, 147, '0', '3', '0', '1', '11', 1, 148, 1, 149, '0', '3', '0', '4', 2, 150, 2, 151, '0', '3', '0', '6', '11', 0, 152, 0, 153, '0', '3', '0', '1', 0, 154, 0, 155, '0', '3', '0', '1', '6', 1, 156, 1, 157, '0', '3', '0', '11', 2, 158, 2, 159, '0', '3', '0', '4', 160, '6', '11', 161, '4', 162, '8', '13', 163, 0, 164, 0, 165, '0', '3', '0', '1', 0, 166, 0, 167, '0', '3', '0', '1', '11', 1, 168, 1, 169, '0', '3', '0', '4', 2, 170, 2, 171, '0', '3', '0', '6', '11', 0, 172, 0, 173, '0', '3', '0', '1', 0, 174, 0, 175, '0', '3', '0', '1', '6', 1, 176, 1, 177, '0', '3', '0', '11', 2, 178, 2, 179, '0', '3', '0', '4', 180, '6', '11', 181, '4', 182, '8', '13', 183, 0, 184, 0, 185, '0', '3', '0', '1', 0, 186, 0, 187, '0', '3', '0', '1', '11', 1, 188, 1, 189, '0', '3', '0', '4', 2, 190, 2, 191, '0', '3', '0', '6', '11', 0, 192, 0, 193, '0', '3', '0', '1', 0, 194, 0, 195, '0', '3', '0', '1', '6', 1, 196, 1, 197, '0', '3', '0', '11', 2, 198, 2, 199, '0', '3', '0', '4', 200, '6', '11', 201, '4', 202, '8', '13', 203, 0, 204, 0, 205, '0', '3', '0', '1', 0, 206, 0, 207, '0', '3', '0', '1', '11', 1, 208, 1, 209, '0', '3', '0', '4', 2, 210, 2, 211, '0', '3', '0', '6', '11', 0, 212, 0, 213, '0', '3', '0', '1', 0, 214, 0, 215, '0', '3', '0', '1', '6', 1, 216, 1, 217, '0', '3', '0', '11', 2, 218, 2, 219, '0', '3', '0', '4', 220, '6', '11', 221, '4', 222, '8', '13', 223, 0, 224, 0, 225, '0', '3', '0', '1', 0, 226, 0, 227, '0', '3', '0', '1', '11', 1, 228, 1, 229, '0', '3', '0', '4', 2, 230, 2, 231, '0', '3', '0', '6', '11', 0, 232, 0, 233, '0', '3', '0', '1', 0, 234, 0, 235, '0', '3', '0', '1', '6', 1, 236, 1, 237, '0', '3', '0', '11', 2, 238, 2, 239, '0', '3', '0', '4', 240, '6', '11', 241, '4', 242, '8', '13', 243, 0, 244, 0, 245, '0', '3', '0', '1', 0, 246, 0, 247, '0', '3', '0', '1', '11', 1, 248, 1, 249, '0', '3', '0', '4', 2, 250, 2, 251, '0', '3', '0', '6', '11', 0, 252, 0, 253, '0', '3', '0', '1', 0, 254, 0, 255, '0', '3', '0', '1', '6', 1, 256, 1, 257, '0', '3', '0', '11', 2, 258, 2, 259, '0', '3', '0', '4', 260, '6', '11', 261, '4', 262, '8', '13', 263, 0, 264, 0, 265, '0', '3', '0', '1', 0, 266, 0, 267, '0', '3', '0', '1', '11', 1, 268, 1, 269, '0', '3', '0', '4', 2, 270, 2, 271, '0', '3', '0', '6', '11', 0, 272, 0, 273, '0', '3', '0', '1', 0, 274, 0, 275, '0', '3', '0', '1', '6', 1, 276, 1, 277, '0', '3', '0', '11', 2, 278, 2, 279, '0', '3', '0', '4', 280, '6', '11', 281, '4', 282, '8', '13', 283, 0, 284, 0, 285, '0', '3', '0', '1', 0, 286, 0, 287, '0', '3', '0', '1', '11', 1, 288, 1, 289, '0', '3', '0', '4', 2, 290, 2, 291, '0', '3', '0', '6', '11', 0, 292, 0, 293, '0', '3', '0', '1', 0, 294, 0, 295, '0', '3', '0', '1', '6', 1, 296, 1, 297, '0', '3', '0', '11', 2, 298, 2, 299, '0', '3', '0', '4', 300, '6', '11', 301, '4', 302, '8', '13', 303, 0, 304, 0, 305, '0', '3', '0', '1', 0, 306, 0, 307, '0', '3', '0', '1', '11', 1, 308, 1, 309, '0', '3', '0', '4', 2, 310, 2, 311, '0', '3', '0', '6', '11', 0, 312, 0, 313, '0', '3', '0', '1', 0, 314, 0, 315, '0', '3', '0', '1', '6', 1, 316, 1, 317, '0', '3', '0', '11', 2, 318, 2, 319, '0', '3', '0', '4', 320, '6', '11', 321, '4', 322, '8', '13', 323, 0, 324, 0, 325, '0', '3', '0', '1', 0, 326, 0, 327, '0', '3', '0', '1', '11', 1, 328, 1, 329, '0', '3', '0', '4', 2, 330, 2, 331, '0', '3', '0', '6', '11', 0, 332, 0, 333, '0', '3', '0', '1', 0, 334, 0, 335, '0', '3', '0', '1', '6', 1, 336, 1, 337, '0', '3', '0', '11', 2, 338, 2, 339, '0', '3', '0', '4', 340, '6', '11', 341, '4', 342, '8', '13', 343, 0, 344, 0, 345, '0', '3', '0', '1', 0, 346, 0, 347, '0', '3', '0', '1', '11', 1, 348, 1, 349, '0', '3', '0', '4', 2, 350, 2, 351, '0', '3', '0', '6', '11', 0, 352, 0, 353, '0', '3', '0', '1', 0, 354, 0, 355, '0', '3', '0', '1', '6', 1, 356, 1, 357, '0', '3', '0', '11', 2, 358, 2, 359, '0', '3', '0', '4', 360, '6', '11', 361, '4', 362, '8', '13', 363, 0, 364, 0, 365, '0', '3', '0', '1', 0, 366, 0, 367, '0', '3', '0', '1', '11', 1, 368, 1, 369, '0', '3', '0', '4', 2, 370, 2, 371, '0', '3', '0', '6', '11', 0, 372, 0, 373, '0', '3', '0', '1', 0, 374, 0, 375, '0', '3', '0', '1', '6', 1, 376, 1, 377, '0', '3', '0', '11', 2, 378, 2, 379, '0', '3', '0', '4', 380, '6', '11', 381, '4', 382, '8', '13', 383, 0, 384, 0, 385, '0', '3', '0', '1', 0, 386, 0, 387, '0', '3', '0', '1', '11', 1, 388, 1, 389, '0', '3', '0', '4', 2, 390, 2, 391, '0', '3', '0', '6', '11', 0, 392, 0, 393, '0', '3', '0', '1', 0, 394, 0, 395, '0', '3', '0', '1', '6', 1, 396, 1, 397, '0', '3', '0', '11', 2, 398, 2, 399, '0', '3', '0', '4', 400, '6', '11', 401, '4', 402, '8', '13', 403, 0, 404, 0, 405, '0', '3', '0', '1', 0, 406, 0, 407, '0', '3', '0', '1', '11', 1, 408, 1, 409, '0', '3', '0', '4', 2, 410, 2, 411, '0', '3', '0', '6', '11', 0, 412, 0, 413, '0', '3', '0', '1', 0, 414, 0, 415, '0', '3', '0', '1', '6', 1, 416, 1, 417, '0', '3', '0', '11', 2, 418, 2, 419, '0', '3', '0', '4', 420, '6', '11', 421, '4', 422, '8', '13', 423, 0, 424, 0, 425, '0', '3', '0', '1', 0, 426, 0, 427, '0', '3', '0', '1', '11', 1, 428, 1, 429, '0', '3', '0', '4', 2, 430, 2, 431, '0', '3', '0', '6', '11', 0, 432, 0, 433, '0', '3', '0', '1', 0, 434, 0, 435, '0', '3', '0', '1', '6', 1, 436, 1, 437, '0', '3', '0', '11', 2, 438, 2, 439, '0', '3', '0', '4', 440, '6', '11', 441, '4', 442, '8', '13', 443, 0, 444, 0, 445, '0', '3', '0', '1', 0, 446, 0, 447, '0', '3', '0', '1', '11', 1, 448, 1, 449, '0', '3', '0', '4', 2, 450, 2, 451, '0', '3', '0', '6', '11', 0, 452, 0, 453, '0', '3', '0', '1', 0, 454, 0, 455, '0', '3', '0', '1', '6', 1, 456, 1, 457, '0', '3', '0', '11', 2, 458, 2, 459, '0', '3', '0', '4', 460, '6', '11', 461, '4', 462, '8', '13', 463, 0, 464, 0, 465, '0', '3', '0', '1', 0, 466, 0, 467, '0', '3', '0', '1', '11', 1, 468, 1, 469, '0', '3', '0', '4', 2, 470, 2, 471, '0', '3', '0', '6', '11', 0, 472, 0, 473, '0', '3', '0', '1', 0, 474, 0, 475, '0', '3', '0', '1', '6', 1, 476, 1, 477, '0', '3', '0', '11', 2, 478, 2, 479, '0', '3', '0', '4', 480, '6', '11', 481, '4', 482, '8', '13', 483, 0, 484, 0, 485, '0', '3', '0', '1', 0, 486, 0, 487, '0', '3', '0', '1', '11', 1, 488, 1, 489, '0', '3', '0', '4', 2, 490, 2, 491, '0', '3', '0', '6', '11', 0, 492, 0, 493, '0', '3', '0', '1', 0, 494, 0, 495, '0', '3', '0', '1', '6', 1, 496, 1, 497, '0', '3', '0', '11', 2, 498, 2, 499, '0', '3', '0', '4', 500, '6', '11', 501, '4', 502, '8', '13', 503, 0, 504, 0, 505, '0', '3', '0', '1', 0, 506, 0, 507, '0', '3', '0', '1', '11', 1, 508, 1, 509, '0', '3', '0', '4', 2, 510, 2, 511, '0', '3', '0', '6', '11', 0, 512, 0, 513, '0', '3', '0', '1', 0, 514, 0, 515, '0', '3', '0', '1', '6', 1, 516, 1, 517, '0', '3', '0', '11', 2, 518, 2, 519, '0', '3', '0', '4', 520, '6', '11', 521, '4', 522, '8', '13', 523, 0, 524, 0, 525, '0', '3', '0', '1', 0, 526, 0, 527, '0', '3', '0', '1', '11', 1, 528, 1, 529, '0', '3', '0', '4', 2, 530, 2, 531, '0', '3', '0', '6', '11', 0, 532, 0, 533, '0', '3', '0', '1', 0, 534, 0, 535, '0', '3', '0', '1', '6', 1, 536, 1, 537, '0', '3', '0', '11', 2, 538, 2, 539, '0', '3', '0', '4', 540, '6', '11', 541, '4', 542, '8', '13', 543, 0, 544, 0, 545, '0', '3', '0', '1', 0, 546, 0, 547, '0', '3', '0', '1', '11', 1, 548, 1, 549, '0', '3', '0', '4', 2, 550, 2, 551, '0', '3', '0', '6', '11', 0, 552, 0, 553, '0', '3', '0', '1', 0, 554, 0, 555, '0', '3', '0', '1', '6', 1, 556, 1, 557, '0', '3', '0', '11', 2, 558, 2, 559, '0', '3', '0', '4', 560, '6', '11', 561, '4', 562, '8', '13', 563, 0, 564, 0, 565, '0', '3', '0', '1', 0, 566, 0, 567, '0', '3', '0', '1', '11', 1, 568, 1, 569, '0', '3', '0', '4', 2, 570, 2, 571, '0', '3', '0', '6', '11', 0, 572, 0, 573, '0', '3', '0', '1', 0, 574, 0, 575, '0', '3', '0', '1', '6', 1, 576, 1, 577, '0', '3', '0', '11', 2, 578, 2, 579, '0', '3', '0', '4', 580, '6', '11', 581, '4', 582, '8', '13', 583, 0, 584, 0, 585, '0', '3', '0', '1', 0, 586, 0, 587, '0', '3', '0', '1', '11', 1, 588, 1, 589, '0', '3', '0', '4', 2, 590, 2, 591, '0', '3', '0', '6', '11', 0, 592, 0, 593, '0', '3', '0', '1', 0, 594, 0, 595, '0', '3', '0', '1', '6', 1, 596, 1, 597, '0', '3', '0', '11', 2, 598, 2, 599, '0', '3', '0', '4', 600, '6', '11', 601, '4', 602, '8', '13', 603, 0, 604, 0, 605, '0', '3', '0', '1', 0, 606, 0, 607, '0', '3', '0', '1', '11', 1, 608, 1, 609, '0', '3', '0', '4', 2, 610, 2, 611, '0', '3', '0', '6', '11', 0, 612, 0, 613, '0', '3', '0', '1', 0, 614, 0, 615, '0', '3', '0', '1', '6', 1, 616, 1, 617, '0', '3', '0', '11', 2, 618, 2, 619, '0', '3', '0', '4', 620, '6', '11', 621, '4', 622, '8', '13', 623, 0, 624, 0, 625, '0', '3', '0', '1', 0, 626, 0, 627, '0', '3', '0', '1', '11', 1, 628, 1, 629, '0', '3', '0', '4', 2, 630, 2, 631, '0', '3', '0', '6', '11', 0, 632, 0, 633, '0', '3', '0', '1', 0, 634, 0, 635, '0', '3', '0', '1', '6', 1, 636, 1, 637, '0', '3', '0', '11', 2, 638, 2, 639, '0', '3', '0', '4', 640, '6', '11', 641, '4', 642, '8', '13', 643, 0, 644, 0, 645, '0', '3', '0', '1', 0, 646, 0, 647, '0', '3', '0', '1', '11', 1, 648, 1, 649, '0', '3', '0', '4', 2, 650, 2, 651, '0', '3', '0', '6', '11', 0, 652, 0, 653, '0', '3', '0', '1', 0, 654, 0, 655, '0', '3', '0', '1', '6', 1, 656, 1, 657, '0', '3', '0', '11', 2, 658, 2, 659, '0', '3', '0', '4', 660, '6', '11', 661, '4', 662, '8', '13', 663, 0, 664, 0, 665, '0', '3', '0', '1', 0, 666, 0, 667, '0', '3', '0', '1', '11', 1, 668, 1, 669, '0', '3', '0', '4', 2, 670, 2, 671, '0', '3', '0', '6', '11', 0, 672, 0, 673, '0', '3', '0', '1', 0, 674, 0, 675, '0', '3', '0', '1', '6', 1, 676, 1, 677, '0', '3', '0', '11', 2, 678, 2, 679, '0', '3', '0', '4', 680, '6', '11', 681, '4', 682, '8', '13', 683, 0, 684, 0, 685, '0', '3', '0', '1', 0, 686, 0, 687, '0', '3', '0', '1', '11', 1, 688, 1, 689, '0', '3', '0', '4', 2, 690, 2, 691, '0', '3', '0', '6', '11', 0, 692, 0, 693, '0', '3', '0', '1', 0, 694, 0, 695, '0', '3', '0', '1', '6', 1, 696, 1, 697, '0', '3', '0', '11', 2, 698, 2, 699, '0', '3', '0', '4', 700, '6', '11', 701, '4', 702, '8', '13', 703, 0, 704, 0, 705, '0', '3', '0', '1', 0, 706, 0, 707, '0', '3', '0', '1', '11', 1, 708, 1, 709, '0', '3', '0', '4', 2, 710, 2, 711, '0', '3', '0', '6', '11', 0, 712, 0, 713, '0', '3', '0', '1', 0, 714, 0, 715, '0', '3', '0', '1', '6', 1, 716, 1, 717, '0', '3', '0', '11', 2, 718, 2, 719, '0', '3', '0', '4', 720, '6', '11', 721, '4', 722, '8', '13', 723, 0, 724, 0, 725, '0', '3', '0', '1', 0, 726, 0, 727, '0', '3', '0', '1', '11', 1, 728, 1, 729, '0', '3', '0', '4', 2, 730, 2, 731, '0', '3', '0', '6', '11', 0, 732, 0, 733, '0', '3', '0', '1', 0, 734, 0, 735, '0', '3', '0', '1', '6', 1, 736, 1, 737, '0', '3', '0', '11', 2, 738, 2, 739, '0', '3', '0', '4', 740, '6', '11', 741, '4', 742, '8', '13', 743, 0, 744, 0, 745, '0', '3', '0', '1', 0, 746, 0, 747, '0', '3', '0', '1', '11', 1, 748, 1, 749, '0', '3', '0', '4', 2, 750, 2, 751, '0', '3', '0', '6', '11', 0, 752, 0, 753, '0', '3', '0', '1', 0, 754, 0, 755, '0', '3', '0', '1', '6', 1, 756, 1, 757, '0', '3', '0', '11', 2, 758, 2, 759, '0', '3', '0', '4', 760, '6', '11', 761, '4', 762, '8', '13'],
        _0x5ab57e = ["1DwVRiEiGWjuyupm", "vYb2h2aIafJZwgFX", "6kbUutVIpZMxQYvc", "7QakoJNVWhG5ymIp", "poB7FQorqiVyhK5t", "7W2gzK0RBrwugCj1", "XIpQkMw4ISxevkCX", "LOEYrHUc1FSi3472", "3JkFWJMpwKlUqWqQ", "l5wN4Rh3eeS8DRsr", "6eMeF1wcAxpjHw10", "ZOVFVc4IYO42SqW4", "sBZO1SnyyWECqtfA", "HbHq2ZbQRVaAQn2s", "mLONgGjM6o1iN4TF"],
        _0x11a6b6 = {
    "1DwVRiEiGWjuyupm": "ZnVuY3Rpb24gKHgsIHkpIHsKICAgICAgICBsZXQgYSA9IHlbeC5wb3AoKV0sIGIgPSB5W3gucG9wKCldCgljb25zb2xlLmxvZyhhLGIsImJbYV09IixiW2FdKQogICAgICAgIHJldHVybiBiW2FdCiAgICB9",
    "vYb2h2aIafJZwgFX": "ZnVuY3Rpb24gKHgsIHkpIHsKCWxldCBhPXlbeC5wb3AoKV07Cgljb25zb2xlLmxvZyhhLCJhdCgwKT0iLGEuY2hhckNvZGVBdCgwKSk7CiAgICAgICAgcmV0dXJuIGEuY2hhckNvZGVBdCgwKQogICAgfQ==",
    "6kbUutVIpZMxQYvc": "ZnVuY3Rpb24gKHgsIHkpIHsKCWxldCBhPXlbeC5wb3AoKV07Cgljb25zb2xlLmxvZyhhLCIhYT0iLCFhKTsKICAgICAgICByZXR1cm4gIWEKICAgIH0=",
    "7QakoJNVWhG5ymIp": "ZnVuY3Rpb24gKHgsIHkpIHsKICAgICAgICBsZXQgYSA9IHlbeC5wb3AoKV0sIGIgPSB5W3gucG9wKCldCgljb25zb2xlLmxvZyhhLGIsImIlYT0iLGIlYSk7CiAgICAgICAgcmV0dXJuIGIgJSBhCiAgICB9",
    "poB7FQorqiVyhK5t": "ZnVuY3Rpb24gKHgsIHkpIHsKCWxldCBhPXlbeC5wb3AoKV0sYj15W3gucG9wKCldOwoJY29uc29sZS5sb2coYSxiLCJhKmI9IixhKmIpOwogICAgICAgIHJldHVybiBhKmI7CiAgICB9",
    "7W2gzK0RBrwugCj1": "ZnVuY3Rpb24gKHgsIHkpIHsKCWxldCBhPXlbeC5wb3AoKV0sYj15W3gucG9wKCldOwoJY29uc29sZS5sb2coYSxiLCIxIC8gKGEgLyBiKSIsMSAvIChhIC8gYikpCiAgICAgICAgcmV0dXJuIDEgLyAoYSAvIGIpCiAgICB9",
    "XIpQkMw4ISxevkCX": "ZnVuY3Rpb24gKHgsIHkpIHsKICAgICAgICBsZXQgYSA9IHlbeC5wb3AoKV0sIGIgPSB5W3gucG9wKCldCiAgICAgICAgbGV0IGNhcnJ5ID0gYSAmIGI7CiAgICAgICAgbGV0IHJlc3VsdCA9IGEgXiBiOwogICAgICAgIHdoaWxlIChjYXJyeSAhPSAwKSB7CiAgICAgICAgICAgIGxldCBzaGlmdGVkY2FycnkgPSBjYXJyeSA8PCAxOwogICAgICAgICAgICBjYXJyeSA9IHJlc3VsdCAmIHNoaWZ0ZWRjYXJyeTsKICAgICAgICAgICAgcmVzdWx0IF49IHNoaWZ0ZWRjYXJyeTsKICAgICAgICB9CmNvbnNvbGUubG9nKGEsYiwiZnVuMT0iLHJlc3VsdCk7CiAgICAgICAgcmV0dXJuIHJlc3VsdAogICAgfQ==",
    "LOEYrHUc1FSi3472": "ZnVuY3Rpb24gKHgsIHkpIHsKICAgICAgICBsZXQgYiA9IHlbeC5wb3AoKV0sIGEgPSB5W3gucG9wKCldCiAgICAgICAgbGV0IGNhcnJ5ID0gYSAmICh+YiArIDEpOwogICAgICAgIGxldCByZXN1bHQgPSBhIF4gKH5iICsgMSk7CiAgICAgICAgd2hpbGUgKGNhcnJ5ICE9IDApIHsKICAgICAgICAgICAgbGV0IHNoaWZ0ZWRjYXJyeSA9IGNhcnJ5IDw8IDE7CiAgICAgICAgICAgIGNhcnJ5ID0gcmVzdWx0ICYgc2hpZnRlZGNhcnJ5OwogICAgICAgICAgICByZXN1bHQgXj0gc2hpZnRlZGNhcnJ5OwogICAgICAgIH0KY29uc29sZS5sb2coYSxiLCJmdW4yPSIscmVzdWx0KTsKICAgICAgICByZXR1cm4gcmVzdWx0CiAgICB9",
    //judge
    "3JkFWJMpwKlUqWqQ": "ZnVuY3Rpb24gKHgsIHkpIHsKbGV0IGE9eVt4LnBvcCgpXSxiPXlbeC5wb3AoKV07CmNvbnNvbGUubG9nKGEsYiwiYT09Yj0iLGE9PT1iKTsKICAgICAgICByZXR1cm4gYT09PWIKICAgIH0=",
    "l5wN4Rh3eeS8DRsr": "ZnVuY3Rpb24gKHgsIHkpIHsKCWxldCBhPSB5W3gucG9wKCldLGI9IHlbeC5wb3AoKV07CmNvbnNvbGUubG9nKGEsYiwiYSE9Yj0iLGEhPT1iKTsKICAgICAgICByZXR1cm4gYSAhPT0gYgogICAgfQ==",
    "6eMeF1wcAxpjHw10": "ZnVuY3Rpb24gKHgsIHkpIHsKbGV0IGE9eVt4LnBvcCgpXSxiPXlbeC5wb3AoKV07CmNvbnNvbGUubG9nKGEsYiwiYSZiPSIsYSZiKTsKICAgICAgICByZXR1cm4gYSZiOwogICAgfQ==",
    "ZOVFVc4IYO42SqW4": "ZnVuY3Rpb24gKHgsIHkpIHsKICAgICAgICBsZXQgYT15W3gucG9wKCldLGI9eVt4LnBvcCgpXTsKY29uc29sZS5sb2coYSxiLCJhXmI9IixhXmIpOwogICAgICAgIHJldHVybiBhXmI7CgogICAgfQ==",
    "sBZO1SnyyWECqtfA": "ZnVuY3Rpb24gKHgsIHkpIHsKbGV0IGE9eVt4LnBvcCgpXSxiPXlbeC5wb3AoKV07CmNvbnNvbGUubG9nKGEsYiwiYXxiPSIsYXxiKTsKICAgICAgICByZXR1cm4gYXxiOwoKICAgIH0=",
    "HbHq2ZbQRVaAQn2s": "ZnVuY3Rpb24gKHgsIHkpIHsKbGV0IGE9eVt4LnBvcCgpXSxiPXlbeC5wb3AoKV07CmNvbnNvbGUubG9nKGEsYiwiYSYmYj0iLGEmJmIpOwogICAgICAgIHJldHVybiBhJiZiOwoKICAgIH0=",
    "mLONgGjM6o1iN4TF": "ZnVuY3Rpb24gKHgsIHkpIHsKbGV0IGE9eVt4LnBvcCgpXSxiPXlbeC5wb3AoKV07CmNvbnNvbGUubG9nKGEsYiwiYXx8Yj0iLGF8fGIpOwogICAgICAgIHJldHVybiBhfHxiOwoKICAgIH0="
  };
  const _0x1c72ba = ["d3dme2Zha2VfZmxhZ30=", "d3dme2Zha2VfZmxhZ30=", "d3dme2Zha2VfZmxhZ30=", 14, 38, "length", 39, "length", 0, "length", 0, "length", 38, "length", 37, "length", 0, "length", 0, "length", 69, 69, 103569, 188, 39, "length", 40, "length", 1, "length", 1, "length", 39, "length", 38, "length", 1, "length", 1, "length", 57, 213, 1410273, 236, 40, "length", 41, "length", 2, "length", 2, "length", 40, "length", 39, "length", 2, "length", 2, "length", 38, 182, 1194466, 83, 41, "length", 42, "length", 3, "length", 3, "length", 41, "length", 40, "length", 3, "length", 3, "length", 248, 254, 3304794, 168, 42, "length", 43, "length", 4, "length", 4, "length", 42, "length", 41, "length", 4, "length", 4, "length", 101, 115, 4250975, 205, 43, "length", 44, "length", 5, "length", 5, "length", 43, "length", 42, "length", 5, "length", 5, "length", 162, 144, 1434672, 245, 44, "length", 45, "length", 6, "length", 6, "length", 44, "length", 43, "length", 6, "length", 6, "length", 125, 151, 1657074, 49, 45, "length", 46, "length", 7, "length", 7, "length", 45, "length", 44, "length", 7, "length", 7, "length", 139, 61, 792390, 72, 46, "length", 47, "length", 8, "length", 8, "length", 46, "length", 45, "length", 8, "length", 8, "length", 182, 243, 55890, 239, 47, "length", 48, "length", 9, "length", 9, "length", 47, "length", 46, "length", 9, "length", 9, "length", 152, 44, 468292, 121, 48, "length", 49, "length", 10, "length", 10, "length", 48, "length", 47, "length", 10, "length", 10, "length", 128, 222, 4570092, 32, 49, "length", 50, "length", 11, "length", 11, "length", 49, "length", 48, "length", 11, "length", 11, "length", 209, 226, 4415362, 222, 50, "length", 51, "length", 12, "length", 12, "length", 50, "length", 49, "length", 12, "length", 12, "length", 209, 122, 4538278, 34, 51, "length", 52, "length", 13, "length", 13, "length", 51, "length", 50, "length", 13, "length", 13, "length", 39, 24, 209304, 69, 52, "length", 53, "length", 14, "length", 14, "length", 52, "length", 51, "length", 14, "length", 14, "length", 235, 161, 1588748, 49, 53, "length", 54, "length", 15, "length", 15, "length", 53, "length", 52, "length", 15, "length", 15, "length", 58, 208, 3339440, 118, 54, "length", 55, "length", 16, "length", 16, "length", 54, "length", 53, "length", 16, "length", 16, "length", 214, 72, 952128, 252, 55, "length", 56, "length", 17, "length", 17, "length", 55, "length", 54, "length", 17, "length", 17, "length", 19, 117, 2922543, 134, 56, "length", 57, "length", 18, "length", 18, "length", 56, "length", 55, "length", 18, "length", 18, "length", 249, 16, 312864, 63, 57, "length", 58, "length", 19, "length", 19, "length", 57, "length", 56, "length", 19, "length", 19, "length", 191, 31, 929380, 109, 58, "length", 59, "length", 20, "length", 20, "length", 58, "length", 57, "length", 20, "length", 20, "length", 156, 197, 8851407, 28, 59, "length", 60, "length", 21, "length", 21, "length", 59, "length", 58, "length", 21, "length", 21, "length", 125, 155, 1846515, 253, 60, "length", 61, "length", 22, "length", 22, "length", 60, "length", 59, "length", 22, "length", 22, "length", 33, 220, 2953720, 207, 61, "length", 62, "length", 23, "length", 23, "length", 61, "length", 60, "length", 23, "length", 23, "length", 205, 237, 3463992, 249, 62, "length", 63, "length", 24, "length", 24, "length", 62, "length", 61, "length", 24, "length", 24, "length", 101, 44, 1280928, 159, 63, "length", 64, "length", 25, "length", 25, "length", 63, "length", 62, "length", 25, "length", 25, "length", 5, 30, 127560, 163, 64, "length", 65, "length", 26, "length", 26, "length", 64, "length", 63, "length", 26, "length", 26, "length", 208, 13, 197301, 227, 65, "length", 66, "length", 27, "length", 27, "length", 65, "length", 64, "length", 27, "length", 27, "length", 36, 18, 386910, 64, 66, "length", 67, "length", 28, "length", 28, "length", 66, "length", 65, "length", 28, "length", 28, "length", 226, 39, 114738, 158, 67, "length", 68, "length", 29, "length", 29, "length", 67, "length", 66, "length", 29, "length", 29, "length", 23, 55, 742775, 206, 68, "length", 69, "length", 30, "length", 30, "length", 68, "length", 67, "length", 30, "length", 30, "length", 17, 42, 501690, 59, 69, "length", 70, "length", 31, "length", 31, "length", 69, "length", 68, "length", 31, "length", 31, "length", 78, 196, 4778284, 96, 70, "length", 71, "length", 32, "length", 32, "length", 70, "length", 69, "length", 32, "length", 32, "length", 11, 55, 272085, 122, 71, "length", 72, "length", 33, "length", 33, "length", 71, "length", 70, "length", 33, "length", 33, "length", 79, 192, 1371072, 236, 72, "length", 73, "length", 34, "length", 34, "length", 72, "length", 71, "length", 34, "length", 34, "length", 32, 148, 2206236, 123, 73, "length", 74, "length", 35, "length", 35, "length", 73, "length", 72, "length", 35, "length", 35, "length", 215, 161, 4155088, 182, 74, "length", 75, "length", 36, "length", 36, "length", 74, "length", 73, "length", 36, "length", 36, "length", 90, 247, 11333348, 182, 75, "length", 76, "length", 37, "length", 37, "length", 75, "length", 74, "length", 37, "length", 37, "length", 116, 130, 2257580, 118, 132, 18, 178, 129, 129, 76, 46, 122, 245, 148, 189, 102, 88, 141, 71, 190, 159, 64, 149, 222, 4, 73, 81, 187, 219, 72, 89, 16, 234, 186, 137, 111, 90, 81, 85, 98, 167, 96, 253, 171, 177, 222, 14, 140, 126, 202, 44, 144, 199, 228, 38, 160, 156, 186, 13, 138, 197, 246, 208, 157, 251, 211, 127, 140, 13, 48, 30, 86, 151, 56, 205, 168, 209, 203, 150, 93, 110, 51, 238, 220, 200, 67, 239, 98, 7, 199, 64, 25, 161, 170, 13, 178, 69, 30, 133, 1, 50, 28, 181, 106, 156, 204, 166, 213, 104, 28, 220, 230, 56, 153, 231, 129, 243, 70, 222, 24, 3, 200, 140, 86, 73, 168, 158, 242, 244, 170, 93, 53, 69, 222, 198, 10, 62, 148, 75, 226, 184, 178, 3, 176, 234, 204, 88, 212, 156, 108, 91, 208, 113, 121, 132, 203, 108, 49, 191, 167, 153, 49, 95, 52, 150, 190, 64, 231, 245, 33, 159, 62, 134, 187, 86, 41, 21, 242, 190, 11, 44, 54, 245, 113, 1, 88, 70, 144, 43, 24, 116, 22, 149, 49, 179, 0, 188, 54, 77, 166, 195, 141, 130, 217, 136, 242, 127, 144, 38, 130, 183, 75, 156, 181, 45, 69, 56, 78, 165, 133, 193, 38, 78, 204, 178, 187, 187, 184, 201, 152, 47, 25, 115, 46, 71, 55, 245, 149, 147, 223, 98, 118, 100, 4, 189, 175, 79, 210, 117, 180, 165, 224, 215, 153, 49, 169, 133, 158, 214, 248, 222, 112, 7, 182, 164, 151, 182, 93, 147, 161, 225, 72, 238, 179, 26, 24, 114, 27, 51, 94, 226, 249, 164, 116, 129, 68, 194, 228, 222, 65, 98, 47, 100, 169, 52, 121, 139, 102, 218, 246, 117, 16, 37, 124, 118, 158, 65, 251, 47, 254, 64, 2, 181, 197, 196, 102, 198, 136, 51, 35, 107, 219, 171, 158, 226, 91, 214, 47, 208, 19, 173, 146, 121, 97, 195, 0, 218, 197, 100, 188, 235, 75, 181, 222, 194, 154, 8, 205, 79, 234, 85, 126, 218, 213, 234, 218, 36, 120, 39, 98, 238, 100, 133, 9, 9, 241, 0, 19, 168, 251, 188, 182, 51, 104, 141, 231, 48, 158, 22, 29, 132, 145, 28, 206, 3, 66, 78, 19, 113, 145, 56, 73, 67, 148, 48, 174, 86, 4, 133, 139, 128, 49, 213, 222, 9, 116, 44, 251, 247, 32, 94, 155, 7, 124, 211, 33, 73, 196, 80, 58, 241, 177, 119, 225, 126, 149, 49, 202, 122, 48, 151, 111, 117, 157, 172, 2, 239, 114, 170, 156, 130, 224, 202, 23, 7, 118, 128, 231, 89, 34, 180, 224, 181, 11, 82, 207, 57, 29, 144, 136, 98, 176, 166, 62, 51, 232, 126, 125, 125, 141, 110, 218, 147, 57, 204, 24, 205, 94, 171, 41, 88, 183, 218, 222, 153, 158, 16, 188, 36, 147, 253, 124, 10, 36, 155, 216, 111, 93, 128, 223, 120, 145, 200];
  const _0x584466 = [];

  for (let _0x4426f4 = 0; _0x4426f4 < _0x25883e["length"]; _0x4426f4++) {
    _0x1c72ba[_0x4426f4] = _0x25883e[_0x4426f4];
  }

  function _0x37448b(_0x5f5c9d) {
    _0x1c72ba["push"](_0x5f5c9d);

    return _0x1c72ba["length"] - 1;
  }

  _0x55b20f["forEach"](_0x5e5b3d => {
    if (typeof _0x5e5b3d === "string") {
      const _0xc55560 = eval('(' + atob(_0x11a6b6[_0x5ab57e[parseInt(_0x5e5b3d)]]) + ')');

      _0x584466["push"](_0x37448b(_0xc55560(_0x584466, _0x1c72ba)));
    } else {
      _0x584466["push"](_0x5e5b3d);
    }
  });

  return _0x1c72ba[_0x584466["pop"]()];
}

拿到日志,还原加密逻辑,最后爆破一下就能得到flag

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
test=[ord(i) for i in "wwf{"+"0"*33+"}"]
key1 = [252, 174, 221, 116, 74, 140, 110, 29]
key2 = [166, 74, 96, 96, 218, 220, 56, 111]
data1 = [14, 188, 236, 83, 168, 205, 245, 49, 72, 239, 121, 32, 222, 34, 69, 49, 118, 252, 134, 63, 109, 28, 253, 207,
         249, 159, 163, 227, 64, 158, 206, 59, 96, 122, 236, 123, 182, 182]
data2 = [69, 57, 38, 248, 101, 162, 125, 139, 182, 152, 128, 209, 209, 39, 235, 58, 214, 19, 249, 191, 156, 125, 33,
         205, 101, 5, 208, 36, 226, 23, 17, 78, 11, 79, 32, 215, 90, 116]
data3 = [69, 213, 182, 254, 115, 144, 151, 61, 243, 44, 222, 226, 122, 24, 161, 208, 72, 117, 16, 31, 197, 155, 220,
         237, 44, 30, 13, 18, 39, 55, 42, 196, 55, 192, 148, 161, 247, 130]
enc = [103569, 1410273, 1194466, 3304794, 4250975, 1434672, 1657074, 792390, 55890, 468292, 4570092, 4415362, 4538278,
       209304, 1588748, 3339440, 952128, 2922543, 312864, 929380, 8851407, 1846515, 2953720, 3463992, 1280928, 127560,
       197301, 386910, 114738, 742775, 501690, 4778284, 272085, 1371072, 2206236, 4155088, 11333348, 2257580]

for k in range(4,38):
    for j in range(128):

        test[k]=j
        found=False
        for i in range(38):
            temp1=test[i]^test[(i+1)%38]

            temp2=temp1*key1[i%8]+key2[i%8]

            temp2^=data1[i]

            temp3=test[i]+test[i-1]

            temp4=(temp3^key1[i%8])*key2[i%8]+data2[i]
            if (((temp4^temp2)*data3[i])==enc[k-1]):
                found=True
                print("".join(map(chr,test)))
                break
        if found:
            break
#wwf{m45h1r0_w41fu_>_<_50_cu73~~_4hw4_}

Remind’s Funny Stories

https://github.com/worawit/blutter

在pp.txt中搜一下界面中出现的文字

看到了一个Winner

可以看到aes和base64

在asm\truyencuoiremind3\main.dart中找到密文,密钥和iv

Floats

z3,不过必须分段求,一把求求不出来

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
# v6=[-0.0, 0.0, 0.0, -0.0, -0.0, 0.0, 0.0, -0.0, -0.0, -0.0, 0.0, 0.0, -0.0, 0.0, 0.0, -0.0, 0.0, -0.0, -0.0, -0.0, -0.0, 0.0, 0.0, -0.0, 0.0, 0.0, 0.0, -0.0, -0.0, 0.0, 0.0, -0.0, 0.0, 0.0, -0.0, 0.0, 0.0, 0.0, 0.0, -0.0, 0.0, 0.0, -0.0, -0.0, 0.0, 0.0, -0.0, -0.0, -0.0, 0.0, -0.0, -0.0, 0.0, 0.0, -0.0, -0.0, 0.0, -0.0, -0.0, -0.0, 0.0, 0.0, 0.0, -0.0, -0.0, -0.0, -0.0, 0.0, -0.0, -0.0, 0.0, -0.0, 0.0, -0.0, 0.0, -0.0, 0.0, 0.0, 0.0, -0.0, 0.0, 0.0, 0.0, -0.0, 0.0, 0.0, -0.0, -0.0, -0.0, 0.0, -0.0, 0.0, -0.0, -0.0, 0.0, -0.0, 0.0, -0.0, -0.0, -0.0, 0.0, 0.0, -0.0, -0.0, 0.0, -0.0, -0.0, 0.0, -0.0, 0.0, 0.0, -0.0, -0.0, 0.0, -0.0, 0.0, 0.0, 0.0, 0.0, -0.0, 0.0, 0.0, -0.0, 0.0, -0.0, 0.0, 0.0, -0.0]
from z3 import *
from tqdm import tqdm

v6 = [FP(f'x{i}', Float32()) for i in range(128)]
x = Solver()
zero_pos = FPVal(0.0, Float32())
zero_neg = FPVal(-0.0, Float32())

for i in range(128):
    x.add(Or(v6[i] == zero_pos, v6[i] == zero_neg))

resule=(
           v6[0]
         + (((v6[3]
            + (v6[4]
             + (v6[5]
              + (v6[6]
               + ((v6[8]
                 + ((((v6[12]
                     + ((v6[14]
                       + (v6[15]
                        + ((((v6[19]
                            + (((v6[22]
                               + (v6[23]
                                + (v6[24]
                                 + ((v6[26]
                                   + (((v6[29]
                                      + (((v6[32]
                                         + ((v6[34]
                                           + (v6[35]
                                            + (v6[36]
                                             + ((v6[38]
                                               + (v6[39]
                                                + ((v6[41]
                                                  + ((v6[43]
                                                    + (v6[44]
                                                     + (v6[45]
                                                      + ((((((v6[51]
                                                            + (v6[52]
                                                             + (v6[53]
                                                              + (v6[54]
                                                               + (((v6[57]
                                                                  + (v6[58]
                                                                   + (v6[59]
                                                                    + ((v6[61]
                                                                      + (v6[62]
                                                                       + (((v6[65]
                                                                          + ((v6[67]
                                                                            + (((v6[70]
                                                                               + ((v6[72]
                                                                                 + ((v6[74]
                                                                                   + (((v6[77]
                                                                                      + (((v6[80]
                                                                                         + ((v6[82]
                                                                                           + (v6[83]
                                                                                            + (v6[84]
                                                                                             + (((v6[87]
                                                                                                + (v6[88]
                                                                                                 + ((v6[90] + (v6[91] + ((((((v6[97] + ((v6[99] + ((((v6[103] + ((v6[105] + (v6[106] + (v6[107] + ((v6[109] + ((v6[111] + (v6[112] + ((v6[114] + ((v6[116] + (v6[117] + (((v6[120] + (v6[121] + ((v6[123] + ((v6[125] + (v6[126] - v6[127])) - v6[124])) - v6[122]))) - v6[119]) - v6[118]))) - v6[115])) - v6[113]))) - v6[110])) - v6[108])))) - v6[104])) - v6[102]) - v6[101]) - v6[100])) - v6[98])) - v6[96]) - v6[95]) - v6[94]) - v6[93]) - v6[92])))
                                                                                                  - v6[89])))
                                                                                               - v6[86])
                                                                                              - v6[85]))))
                                                                                          - v6[81]))
                                                                                        - v6[79])
                                                                                       - v6[78]))
                                                                                     - v6[76])
                                                                                    - v6[75]))
                                                                                  - v6[73]))
                                                                                - v6[71]))
                                                                              - v6[69])
                                                                             - v6[68]))
                                                                           - v6[66]))
                                                                         - v6[64])
                                                                        - v6[63])))
                                                                     - v6[60]))))
                                                                 - v6[56])
                                                                - v6[55])))))
                                                           - v6[50])
                                                          - v6[49])
                                                         - v6[48])
                                                        - v6[47])
                                                       - v6[46]))))
                                                   - v6[42]))
                                                 - v6[40])))
                                              - v6[37]))))
                                          - v6[33]))
                                        - v6[31])
                                       - v6[30]))
                                     - v6[28])
                                    - v6[27]))
                                  - v6[25]))))
                              - v6[21])
                             - v6[20]))
                           - v6[18])
                          - v6[17])
                         - v6[16])))
                      - v6[13]))
                    - v6[11])
                   - v6[10])
                  - v6[9]))
                - v6[7])))))
           - v6[2])
          - v6[1]))


def formated(s):
    get = s.split("\n")
    v6 = [0] * 128
    for i in get:
        ins = i.split("=")
        try:
            v6[eval(ins[0].strip())] = eval(ins[1].strip())
        except:
            pass
    print(v6)
    return v6

x.add(resule==-0.0)
if x.check() == sat:
    model = x.model()
    check = formated(str(model).replace("[", "").replace("x", "").replace(",", "").replace("]", ""))
else:
    exit()
# check=[-0.0, 0.0, 0.0, -0.0, -0.0, -0.0, -0.0, 0.0, -0.0, 0.0, 0.0, 0.0, -0.0, 0.0, -0.0, -0.0, 0.0, 0.0, 0.0, -0.0, 0.0, 0.0, -0.0, -0.0, -0.0, 0.0, -0.0, 0.0, 0.0, -0.0, 0.0, 0.0, -0.0, 0.0, -0.0, -0.0, -0.0, 0.0, -0.0, -0.0, 0.0, -0.0, 0.0, -0.0, -0.0, -0.0, 0.0, 0.0, 0.0, 0.0, 0.0, -0.0, -0.0, -0.0, -0.0, 0.0, 0.0, -0.0, -0.0, -0.0, 0.0, -0.0, -0.0, 0.0, 0.0, -0.0, 0.0, -0.0, 0.0, 0.0, -0.0, 0.0, -0.0, 0.0, -0.0, 0.0, 0.0, -0.0, 0.0, 0.0, -0.0, 0.0, -0.0, -0.0, -0.0, 0.0, 0.0, -0.0, -0.0, 0.0, -0.0, -0.0, 0.0, 0.0, 0.0, 0.0, 0.0, -0.0, 0.0, -0.0, 0.0, 0.0, 0.0, -0.0, 0.0, -0.0, -0.0, -0.0, 0.0, -0.0, 0.0, -0.0, -0.0, 0.0, -0.0, 0.0, -0.0, -0.0, 0.0, 0.0, -0.0, -0.0, 0.0, -0.0, 0.0, -0.0, -0.0, 0.0]

#这里怎么转数组??拷打gpt没拷打出来
def formated(s):
    get = s.split("\n")
    v6 = [0] * 128
    for i in get:
        ins = i.split("=")
        try:
            v6[eval(ins[0].strip())] = eval(ins[1].strip())
        except:
            pass
    print(v6)
    return v6

for _ in tqdm(range(16)):
    v6 = [FP(f'x{i}', Float32()) for i in range(128)]
    x=Solver()
    zero_pos = FPVal(0.0, Float32())
    zero_neg = FPVal(-0.0, Float32())
    for i in range(128):
        x.add(Or(v6[i] == zero_pos, v6[i] == zero_neg))
    for j in range(1):
        v7 = v6[116] + v6[127]
        v8 = -v6[127] - v6[116]
        v9 = -(v6[116] + v6[127]) - v8
        v10 = v6[115] + v6[126]
        v11 = -v6[126] - v6[115]
        v12 = -(v6[115] + v6[126]) - v11
        v13 = v6[114] + v6[125]
        v14 = -v6[125] - v6[114]
        v15 = -(v6[114] + v6[125]) - v14
        v16 = v6[113] + v6[124]
        v17 = -v6[124] - v6[113]
        v18 = -(v6[113] + v6[124]) - v17
        v19 = v6[112] + v6[123]
        v20 = -v6[123] - v6[112]
        v21 = -(v6[112] + v6[123]) - v20
        v22 = v6[111] + v6[122]
        v23 = -v6[122] - v6[111]
        v24 = -(v6[111] + v6[122]) - v23
        v25 = v6[110] + v6[121]
        v26 = -v6[121] - v6[110]
        v27 = -(v6[110] + v6[121]) - v26
        v28 = v6[109] + v6[120]
        v29 = -v6[120] - v6[109]
        v30 = -(v6[109] + v6[120]) - v29
        v31 = v6[108] + v6[119]
        v32 = -v6[119] - v6[108]
        v33 = -(v6[108] + v6[119]) - v32
        v34 = v6[107] + v6[118]
        v35 = -v6[118] - v6[107]
        v36 = -(v6[107] + v6[118]) - v35
        v37 = v6[106] + v6[117]
        v38 = -v6[117] - v6[106]
        v39 = -(v6[106] + v6[117]) - v38
        v40 = v6[105] + v6[116]
        v41 = -v6[116] - v6[105]
        v42 = -(v6[105] + v6[116]) - v41
        v43 = v6[104] + v6[115]
        v44 = -v6[115] - v6[104]
        v45 = -(v6[104] + v6[115]) - v44
        v46 = v6[103] + v6[114]
        v47 = -v6[114] - v6[103]
        v48 = -(v6[103] + v6[114]) - v47
        v49 = v6[102] + v6[113]
        v50 = -v6[113] - v6[102]
        v51 = -(v6[102] + v6[113]) - v50
        v52 = v6[101] + v6[112]
        v53 = -v6[112] - v6[101]
        v54 = -(v6[101] + v6[112]) - v53
        v55 = v6[100] + v6[111]
        v56 = -v6[111] - v6[100]
        v57 = -(v6[100] + v6[111]) - v56
        v58 = v6[99] + v6[110]
        v59 = -v6[110] - v6[99]
        v60 = -(v6[99] + v6[110]) - v59
        v61 = v6[98] + v6[109]
        v62 = -v6[109] - v6[98]
        v63 = -(v6[98] + v6[109]) - v62
        v64 = v6[97] + v6[108]
        v65 = -v6[108] - v6[97]
        v66 = -(v6[97] + v6[108]) - v65
        v67 = v6[96] + v6[107]
        v68 = -v6[107] - v6[96]
        v69 = -(v6[96] + v6[107]) - v68
        v70 = v6[104] + v6[96]
        v71 = -v6[96] - v6[104]
        v72 = -(v6[104] + v6[96]) - v71
        v73 = v6[105] + v6[97]
        v74 = -v6[97] - v6[105]
        v75 = -(v6[105] + v6[97]) - v74
        v76 = v6[106] + v6[98]
        v77 = -v6[98] - v6[106]
        v78 = -(v6[106] + v6[98]) - v77
        v79 = v6[99] - v69
        v80 = v69 - v6[99]
        v81 = -(v6[99] - v69) - (v69 - v6[99])
        v82 = v6[100] - v66
        v83 = v66 - v6[100]
        v84 = -(v6[100] - v66) - (v66 - v6[100])
        v85 = v6[101] - v63
        v86 = v63 - v6[101]
        v87 = -(v6[101] - v63) - (v63 - v6[101])
        v88 = v6[102] - v60
        v89 = v60 - v6[102]
        v90 = -(v6[102] - v60) - (v60 - v6[102])
        v91 = v6[103] - v57
        v92 = v57 - v6[103]
        v93 = -(v6[103] - v57) - (v57 - v6[103])
        v94 = v6[104] - v54
        v95 = v54 - v6[104]
        v96 = -(v6[104] - v54) - (v54 - v6[104])
        v97 = v6[105] - v51
        v98 = v51 - v6[105]
        v99 = -(v6[105] - v51) - (v51 - v6[105])
        v100 = v6[106] - v48
        v101 = v48 - v6[106]
        v102 = -(v6[106] - v48) - (v48 - v6[106])
        v103 = -v69 - v45
        v104 = v45 + v69
        v105 = -v103 - (v45 + v69)
        v106 = -v66 - v42
        v107 = v42 + v66
        v108 = -v106 - (v42 + v66)
        v109 = -v63 - v39
        v110 = v39 + v63
        v111 = -v109 - (v39 + v63)
        v112 = -v60 - v36
        v113 = v36 + v60
        v114 = -v112 - (v36 + v60)
        v115 = -v57 - v33
        v116 = v33 + v57
        v117 = -v115 - (v33 + v57)
        v118 = -v54 - v30
        v119 = v30 + v54
        v120 = -v118 - (v30 + v54)
        v121 = -v51 - v27
        v122 = v27 + v51
        v123 = -v121 - (v27 + v51)
        v124 = -v48 - v24
        v125 = v24 + v48
        v126 = -v124 - (v24 + v48)
        v127 = -v45 - v21
        v128 = v21 + v45
        v129 = -v127 - (v21 + v45)
        v130 = -v42 - v18
        v131 = v18 + v42
        v132 = -v130 - (v18 + v42)
        v133 = -v39 - v15
        v134 = v15 + v39
        v135 = -v133 - (v15 + v39)
        v136 = -v36 - v12
        v137 = v12 + v36
        v138 = -v136 - (v12 + v36)
        v139 = -v33 - v9
        v140 = v9 + v33
        v141 = -v139 - (v9 + v33)
        v142 = v6[31] - v9
        v143 = v9 - v6[31]
        v144 = -(v6[31] - v9) - (v9 - v6[31])
        v145 = v6[30] - v12
        v146 = v12 - v6[30]
        v147 = -(v6[30] - v12) - (v12 - v6[30])
        v148 = v6[29] - v15
        v149 = v15 - v6[29]
        v150 = -(v6[29] - v15) - (v15 - v6[29])
        v151 = v6[28] - v18
        v152 = v18 - v6[28]
        v153 = -(v6[28] - v18) - (v18 - v6[28])
        v154 = v6[27] - v21
        v155 = v21 - v6[27]
        v156 = -(v6[27] - v21) - (v21 - v6[27])
        v157 = v6[26] - v24
        v158 = v24 - v6[26]
        v159 = -(v6[26] - v24) - (v24 - v6[26])
        v160 = v6[25] - v27
        v161 = v27 - v6[25]
        v162 = -(v6[25] - v27) - (v27 - v6[25])
        v163 = v6[24] - v30
        v164 = v30 - v6[24]
        v165 = -(v6[24] - v30) - (v30 - v6[24])
        v166 = v6[23] - v141
        v167 = v141 - v6[23]
        v168 = -(v6[23] - v141) - (v141 - v6[23])
        v169 = v6[22] - v138
        v170 = v138 - v6[22]
        v171 = -(v6[22] - v138) - (v138 - v6[22])
        v172 = v6[21] - v135
        v173 = v135 - v6[21]
        v174 = -(v6[21] - v135) - (v135 - v6[21])
        v175 = v6[20] - v132
        v176 = v132 - v6[20]
        v177 = -(v6[20] - v132) - (v132 - v6[20])
        v178 = v6[19] - v129
        v179 = v129 - v6[19]
        v180 = -(v6[19] - v129) - (v129 - v6[19])
        v181 = v6[18] - v126
        v182 = v126 - v6[18]
        v183 = -(v6[18] - v126) - (v126 - v6[18])
        v184 = v6[17] - v123
        v185 = v123 - v6[17]
        v186 = -(v6[17] - v123) - (v123 - v6[17])
        v187 = v6[16] - v120
        v188 = v120 - v6[16]
        v189 = -(v6[16] - v120) - (v120 - v6[16])
        v190 = v6[15] - v117
        v191 = v117 - v6[15]
        v192 = -(v6[15] - v117) - (v117 - v6[15])
        v193 = v6[14] - v114
        v194 = v114 - v6[14]
        v195 = -(v6[14] - v114) - (v114 - v6[14])
        v196 = v6[13] - v111
        v197 = v111 - v6[13]
        v198 = -(v6[13] - v111) - (v111 - v6[13])
        v199 = v6[12] - v108
        v200 = v108 - v6[12]
        v201 = -(v6[12] - v108) - (v108 - v6[12])
        v202 = v6[11] - v105
        v203 = v105 - v6[11]
        v204 = -(v6[11] - v105) - (v105 - v6[11])
        v205 = v6[10] - v102
        v206 = v102 - v6[10]
        v207 = -(v6[10] - v102) - (v102 - v6[10])
        v208 = v6[9] - v99
        v209 = v99 - v6[9]
        v210 = -(v6[9] - v99) - (v99 - v6[9])
        v211 = v6[8] - v96
        v212 = v96 - v6[8]
        v213 = -(v6[8] - v96) - (v96 - v6[8])
        v214 = v6[7] - v93
        v215 = v93 - v6[7]
        v216 = -(v6[7] - v93) - (v93 - v6[7])
        v217 = v6[6] - v90
        v218 = v90 - v6[6]
        v219 = -(v6[6] - v90) - (v90 - v6[6])
        v220 = v6[5] - v87
        v221 = v87 - v6[5]
        v222 = -(v6[5] - v87) - (v87 - v6[5])
        v223 = v6[4] - v84
        v224 = v84 - v6[4]
        v225 = -(v6[4] - v84) - (v84 - v6[4])
        v226 = v6[3] - v81
        v227 = v81 - v6[3]
        v228 = -(v6[3] - v81) - (v81 - v6[3])
        v229 = v6[2] - v78
        v230 = v78 - v6[2]
        v231 = -(v6[2] - v78) - (v78 - v6[2])
        v232 = v6[1] - v75
        v233 = v75 - v6[1]
        v234 = -(v6[1] - v75) - (v75 - v6[1])
        v235 = v6[0] - v72
        v236 = v72 - v6[0]
        v237 = -(v6[0] - v72) - (v72 - v6[0])
        v238 = v6[31] - v201
        v239 = v201 - v6[31]
        v240 = -(v6[31] - v201) - (v201 - v6[31])
        v241 = v6[30] - v204
        v242 = v204 - v6[30]
        v243 = -(v6[30] - v204) - (v204 - v6[30])
        v244 = v6[29] - v207
        v245 = v207 - v6[29]
        v246 = -(v6[29] - v207) - (v207 - v6[29])
        v247 = v6[28] - v210
        v248 = v210 - v6[28]
        v249 = -(v6[28] - v210) - (v210 - v6[28])
        v250 = v6[27] - v213
        v251 = v213 - v6[27]
        v252 = -(v6[27] - v213) - (v213 - v6[27])
        v253 = v6[26] - v216
        v254 = v216 - v6[26]
        v255 = -(v6[26] - v216) - (v216 - v6[26])
        v256 = v6[25] - v219
        v257 = v219 - v6[25]
        v258 = -(v6[25] - v219) - (v219 - v6[25])
        v259 = v6[24] - v222
        v260 = v222 - v6[24]
        v261 = -(v6[24] - v222) - (v222 - v6[24])
        v262 = v6[23] - v225
        v263 = v225 - v6[23]
        v264 = -(v6[23] - v225) - (v225 - v6[23])
        v265 = v6[22] - v228
        v266 = v228 - v6[22]
        v267 = -(v6[22] - v228) - (v228 - v6[22])
        v268 = v6[21] - v231
        v269 = v231 - v6[21]
        v270 = -(v6[21] - v231) - (v231 - v6[21])
        v271 = v6[20] - v234
        v272 = v234 - v6[20]
        v273 = -(v6[20] - v234) - (v234 - v6[20])
        v274 = v6[19] - v237
        v275 = v237 - v6[19]
        v276 = -(v6[19] - v237) - (v237 - v6[19])
        v6[127] = v6[95]
        v6[126] = v6[94]
        v6[125] = v6[93]
        v6[124] = v6[92]
        v6[123] = v6[91]
        v6[122] = v6[90]
        v6[121] = v6[89]
        v6[120] = v6[88]
        v6[119] = v6[87]
        v6[118] = v6[86]
        v6[117] = v6[85]
        v6[116] = v6[84]
        v6[115] = v6[83]
        v6[114] = v6[82]
        v6[113] = v6[81]
        v6[112] = v6[80]
        v6[111] = v6[79]
        v6[110] = v6[78]
        v6[109] = v6[77]
        v6[108] = v6[76]
        v6[107] = v6[75]
        v6[106] = v6[74]
        v6[105] = v6[73]
        v6[104] = v6[72]
        v6[103] = v6[71]
        v6[102] = v6[70]
        v6[101] = v6[69]
        v6[100] = v6[68]
        v6[99] = v6[67]
        v6[98] = v6[66]
        v6[97] = v6[65]
        v6[96] = v6[64]
        v6[95] = v6[63]
        v6[94] = v6[62]
        v6[93] = v6[61]
        v6[92] = v6[60]
        v6[91] = v6[59]
        v6[90] = v6[58]
        v6[89] = v6[57]
        v6[88] = v6[56]
        v6[87] = v6[55]
        v6[86] = v6[54]
        v6[85] = v6[53]
        v6[84] = v6[52]
        v6[83] = v6[51]
        v6[82] = v6[50]
        v6[81] = v6[49]
        v6[80] = v6[48]
        v6[79] = v6[47]
        v6[78] = v6[46]
        v6[77] = v6[45]
        v6[76] = v6[44]
        v6[75] = v6[43]
        v6[74] = v6[42]
        v6[73] = v6[41]
        v6[72] = v6[40]
        v6[71] = v6[39]
        v6[70] = v6[38]
        v6[69] = v6[37]
        v6[68] = v6[36]
        v6[67] = v6[35]
        v6[66] = v6[34]
        v6[65] = v6[33]
        v6[64] = v6[32]
        v6[63] = v6[31]
        v6[62] = v6[30]
        v6[61] = v6[29]
        v6[60] = v6[28]
        v6[59] = v6[27]
        v6[58] = v6[26]
        v6[57] = v6[25]
        v6[56] = v6[24]
        v6[55] = v6[23]
        v6[54] = v6[22]
        v6[53] = v6[21]
        v6[52] = v6[20]
        v6[51] = v6[19]
        v6[50] = v6[18]
        v6[49] = v6[17]
        v6[48] = v6[16]
        v6[47] = v6[15]
        v6[46] = v6[14]
        v6[45] = v6[13]
        v6[44] = v6[12]
        v6[43] = v6[11]
        v6[42] = v6[10]
        v6[41] = v6[9]
        v6[40] = v6[8]
        v6[39] = v6[7]
        v6[38] = v6[6]
        v6[37] = v6[5]
        v6[36] = v6[4]
        v6[35] = v6[3]
        v6[34] = v6[2]
        v6[33] = v6[1]
        v6[32] = v6[0]
        v6[31] = -v144
        v6[30] = -v147
        v6[29] = -v150
        v6[28] = -v153
        v6[27] = -v156
        v6[26] = -v159
        v6[25] = -v162
        v6[24] = -v165
        v6[23] = -v168
        v6[22] = -v171
        v6[21] = -v174
        v6[20] = -v177
        v6[19] = -v180
        v6[18] = -v183
        v6[17] = -v186
        v6[16] = -v189
        v6[15] = -v192
        v6[14] = -v195
        v6[13] = -v198
        v6[12] = -v240
        v6[11] = -v243
        v6[10] = -v246
        v6[9] = -v249
        v6[8] = -v252
        v6[7] = -v255
        v6[6] = -v258
        v6[5] = -v261
        v6[4] = -v264
        v6[3] = -v267
        v6[2] = -v270
        v6[1] = -v273
        v6[0] = -v276


    for i in range(128):
        x.add(v6[i]==check[i])
    # x.add(result==-0.0)
    ans=[]
    if x.check() == sat:
        model = x.model()
        check=formated(str(model).replace("[","").replace("x","").replace(",","").replace("]",""))

flag=""
get=check[::-1]
for i in get:
    if str(i)=="-0.0":
        flag+="0"
    else:
        flag+="1"
flag1=""
for i in range(0,len(flag),8):
    flag1+=chr(int(flag[i:i+8],2))
print(flag1[::-1])

wwf{no_angr_pls_and_a_long_flag}

  • Title: 2024-word-wide-ctf WP
  • Author: clev1L
  • Created at : 2024-12-01 17:20:14
  • Updated at : 2025-02-23 12:29:57
  • Link: https://github.com/clev1l/2024/12/01/2024-word-wide-ctf-WP/
  • License: This work is licensed under CC BY-NC-SA 4.0.
Comments
On this page
2024-word-wide-ctf WP
  1. Flag Checker
  2. Ransom Waifu
  3. Remind’s Funny Stories
  4. Floats